$search_query = "select SQL_CALC_FOUND_ROWS * from king"; $usersearch= mysql_real_escape_string($_GET['usersearch']); $clean_search = str_replace('、', ' ',$clean_search); $clean_search = str_replace(' ', ' ',$usersearch); $search_words = explode(' ', $clean_search); $final_search_words = array(); if (count($search_words) > 0) { foreach ($search_words as $word) { if (!empty($word)) { $final_search_words[] = $word; } } } // Generate a WHERE clause using all of the search keywords $where_list = array(); if (count($final_search_words) > 0) { foreach($final_search_words as $word) { $where_list[] = "syou LIKE '%$word%'"; } } $where_clause = implode(' AND ', $where_list); // Add the keyword WHERE clause to the search query if (!empty($where_clause)) { $search_query .= " WHERE $where_clause"; } $pid = intval($_GET['pid']); if ($pid < 1) $pid = 1; $limit_start_rows = ( $pid - 1 ) * 10; $search_query .= " LIMIT {$limit_start_rows}, 10"; $result = mysql_query($search_query); $num_rows_result = mysql_query("SELECT FOUND_ROWS()"); $num_rows = mysql_fetch_assoc($num_rows_result); $num_rows = $num_rows['FOUND_ROWS()']; if($num_rows== 0){ $message="該当データは見つかりませんでした。"; } else $message=$num_rows ."件該当しました<br/>"; echo $message; while($row = mysql_fetch_array($result) ２行目でGETした文字をmysql_real_escape_string()で囲っただけですが大丈夫でしょうか。。